From 126f1659ea17b1dfb936acfd2ad597ab798a8feb Mon Sep 17 00:00:00 2001
From: Julian Rother <julian@cccv.de>
Date: Mon, 13 Sep 2021 13:49:37 +0200
Subject: [PATCH] Auto-generate SECRET_KEY in Debian package, minor improvement
 of uffd-admin

---
 debian/contrib/uffd-admin | 8 ++++----
 debian/postinst           | 7 +++++++
 debian/uffd.cfg           | 1 +
 3 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/debian/contrib/uffd-admin b/debian/contrib/uffd-admin
index eaa1063d..897f6904 100755
--- a/debian/contrib/uffd-admin
+++ b/debian/contrib/uffd-admin
@@ -1,15 +1,15 @@
-#!/bin/bash -x
+#!/bin/sh
 
-set -e
+set -eu
 
 export FLASK_APP=/usr/share/uffd/uffd
 export CONFIG_FILENAME=/etc/uffd/uffd.cfg
 
 if [ "$(whoami)" = "uffd" ]; then
 	flask "$@"
-elif command -v sudo &> /dev/null; then
+elif command -v sudo > /dev/null 2>&1; then
 	exec sudo --preserve-env=FLASK_APP,CONFIG_FILENAME -u uffd flask "$@"
-elif command -v runuser &> /dev/null; then
+elif command -v runuser > /dev/null 2>&1; then
 	exec runuser --preserve-environment -u uffd -- flask "$@"
 else
 	echo "Could not not become 'uffd' user, exiting"
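Review bot: The runuser fallback uses `--preserve-environment`, so the caller's whole environment reaches flask running as uffd, while the sudo branch passes only FLASK_APP and CONFIG_FILENAME (assuming sudo's default env_reset policy). The two paths should either behave alike or state the difference, for example with `# runuser keeps the caller's full environment; sudo passes only FLASK_APP and CONFIG_FILENAME` above the runuser line. Separately, the message in the else branch goes to stdout and has a doubled word; `echo "Could not become 'uffd' user, exiting" >&2` fixes both. The if block ends outside this hunk.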
diff --git a/debian/postinst b/debian/postinst
index 0c5816f0..7609f592 100755
--- a/debian/postinst
+++ b/debian/postinst
@@ -10,6 +10,13 @@ case "$1" in
 		chown -R uffd:uffd /var/lib/uffd
 		chmod 0770 /var/lib/uffd
 
+		python3 <<EOF
+import secrets
+cfg = open('/etc/uffd/uffd.cfg', 'r').read()
+cfg = cfg.replace('\n#SECRET=autogenerated by postinst script\n',
+                  '\nSECRET="'+secrets.token_hex(128)+'"\n', 1)
+open('/etc/uffd/uffd.cfg', 'w').write(cfg)
+EOF
 		chown root:uffd /etc/uffd/uffd.cfg
 		chmod 0640 /etc/uffd/uffd.cfg
 
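Review bot: The generated secret is written to /etc/uffd/uffd.cfg before the `chown root:uffd` and `chmod 0640` that follow the heredoc, so on a first install the file may still have its packaged mode (probably world-readable, not visible here) while it already holds the secret. Moving `chown root:uffd /etc/uffd/uffd.cfg` and `chmod 0640 /etc/uffd/uffd.cfg` above `python3 <<EOF` closes that window, because rewriting an existing file keeps its mode. The delimiter should also be quoted, `python3 <<'EOF'`, so the shell never expands anything inside the Python source. The case arm starts and ends outside this hunk.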
diff --git a/debian/uffd.cfg b/debian/uffd.cfg
index 954a0a99..0bf9babf 100644
--- a/debian/uffd.cfg
+++ b/debian/uffd.cfg
@@ -1,2 +1,3 @@
 FLASK_ENV="production"
 SQLALCHEMY_DATABASE_URI="sqlite:////var/lib/uffd/db.sqlite"
+#SECRET=autogenerated by postinst script
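Review bot: The placeholder added here is named `SECRET`, while the commit subject says SECRET_KEY, which is the setting Flask reads for session signing. The postinst hunk replaces this line with `SECRET="…"`, so unless uffd maps SECRET itself (not visible in this patch) the generated value would never be used. If SECRET_KEY is intended, this line should read `#SECRET_KEY=autogenerated by postinst script`, with the matching search and replacement strings in debian/postinst changed to `SECRET_KEY` as well.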
-- 
GitLab